Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities

Plan Patch | CVSS 9.1 | cisco-sa-ise-multi-G5WP8vv | Jun 17, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
  • Attack Vector: Network
  • Auth Required: High
  • Complexity: Low
  • User Interaction: None needed
Summary

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated attacker to achieve remote code execution or conduct information disclosure attacks. Cisco has released software updates that address these vulnerabilities.

What this means
What could happen
An attacker with administrative credentials could execute arbitrary code on your ISE or ISE Passive Identity Connector, gaining full control over your identity and access control system, which could allow them to bypass authentication or impersonate authorized users.
Who's at risk
Organizations using Cisco ISE for identity and access management, including those running ISE Passive Identity Connector for network visibility and compliance. This is relevant to utilities, water authorities, and industrial networks that rely on ISE for access control to critical systems and devices.
How it could be exploited
An attacker with high-level administrative privileges sends a specially crafted request to the ISE system over the network. The affected ISE or ISE-PIC software fails to properly validate the request, allowing the attacker to execute arbitrary commands with system privileges.
Prerequisites
  • Administrative credentials or access
  • Network access to ISE or ISE-PIC management interface
  • ISE or ISE-PIC system must be reachable from the attacker's network

Tags: Remotely exploitable | Requires administrative credentials | Critical severity | Affects identity and access control systems
Exploitability
Unlikely to be exploited — EPSS score 0.8%
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
ISE Passive Identity Connector | All versions | Fix available
Identity Services Engine Software | All versions | Fix available
Remediation & Mitigation
Do now
  • HARDENING: Restrict administrative access to ISE and ISE-PIC to authorized personnel only and enforce strong authentication
  • HARDENING: Limit network access to ISE and ISE-PIC management interfaces to trusted administrative networks using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

ISE Passive Identity Connector
  • HOTFIX: Update Cisco ISE Passive Identity Connector to the patched version released by Cisco
All products
  • HOTFIX: Update Cisco ISE software to the patched version released by Cisco
API: /api/v1/advisories/7c747d88-d438-4a20-b10c-0fac62fdbd97


Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities | CVSS 9.1 - OTPulse